<?php
// Direct-access guard: this script only runs when the including entry point has
// defined _INDEX; otherwise the client is redirected to the site root.
if (!defined('_INDEX')) {
	header('Location: /');
	exit;
}

// Continue only for requests whose X-Requested-With header equals "XMLHttpRequest"
// (compared case-insensitively); any other request ends here with an empty body.
// NOTE(review): the header is supplied by the client, so this check filters out
// ordinary navigations and form posts but does not authenticate the caller. No
// anti-CSRF token is verified in this file -- confirm one is enforced elsewhere,
// since the code below changes stored data.
if (
	empty($_SERVER['HTTP_X_REQUESTED_WITH'])
	|| strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'
) {
	exit;
}

// Request parameters, read through the project's UV / $route helpers.
// NOTE(review): the escaping further down only holds together if UV::readMQ()
// returns backslash-escaped (addslashes-style) text -- the later "\'" -> "'"
// fix-ups suggest that, but the helper is not visible here; confirm it.
$id = UV::readInt($route->POST("id"));
$text = trim(UV::readMQ($route->POST("text")));

// Responses are small JSON objects whose "type" is one of:
// access (bad id or not the owner), empty (no text), error (update failed), success.
if (!is_numeric($id)) {
	// A non-numeric id gets the same answer as a failed ownership check.
	echo '{"type":"access"}';
} else {
	if ($text == "") {
		echo '{"type":"empty"}';
	} else {
		// Authorisation: the vote must belong to a company for which the current
		// user has an `agent` row. $id is interpolated only after is_numeric().
		$query = "select `vote_id` from `votes` as `V`,`companies` as `C`,`agent` as `A`
			where
				`V`.`object_type` = 'company' and
				`V`.`vote_id` = '{$id}' and
				`V`.`object_id` = `C`.`company_id` and
				`C`.`company_id` = `A`.`company_id` and
				`A`.`user_id` = '" . $user->getUserId() . "'
			limit 1";
		if (!$db->getCell($query)) {
			echo '{"type":"access"}';
		} else {
			// The comment is stored HTML-encoded.
			// NOTE(review): this statement is built by string concatenation, and
			// htmlspecialchars() is HTML encoding, not SQL escaping: it leaves
			// backslashes alone and, depending on the PHP version's default flags,
			// may leave single quotes alone too. Its safety therefore rests on the
			// upstream escaping of $text. If the $db wrapper offers bound
			// parameters, prefer them here.
			$query = "update `votes` set `comment` = '" . htmlspecialchars($text) . "' where `vote_id` = '" . $id . "' limit 1";
			if (!$db->sendQuery($query)) {
				echo '{"type":"error"}';
			} else {
				// "text"  : HTML-encoded copy with newlines turned into <br>, CRs dropped.
				// "text2" : the submitted text with CR/LF written as literal \r and \n.
				// NOTE(review): the JSON is assembled by hand. Double quotes and
				// backslashes in $text are emitted unchanged in "text2" (and
				// backslashes in "text"), so the output is valid only if $text is
				// already backslash-escaped; other control characters are not
				// handled at all. json_encode() would remove that dependency once
				// the escaping state of $text is known. "text2" is not
				// HTML-encoded -- presumably the client inserts it as text, not
				// markup; verify against the calling script.
				echo '{"type":"success",'
					. '"text":"' . str_replace(array("\n", "\r", "\'", "\&"), array("<br>", "", "'", "&"), htmlspecialchars($text)) . '",'
					. '"text2":"' . str_replace(array("\n", "\r", "\'"), array("\\\\n", "\\\\r", "'"), $text) . '"}';
			}
		}
	}
}